<?php
include("config.php");

if(isset($_REQUEST['act']) && $_REQUEST['act'] = "update"){
	$id = mysql_escape_string($_REQUEST['id']);
	$log = mysql_escape_string($_REQUEST['log']);
	$status = mysql_escape_string($_REQUEST['status']);
	$sql = "update orders set log = '" .$log."' , status = '" . $status."' where id = '" .$id. "'";
	$mysql->query($sql);
	header("location: orderlist.php");
}else{
	foreach($_POST as &$vv){
		$vv = mysql_escape_string($vv);
	}
	
	unset($_POST['submit']);

	$_POST['status'] = 0;
	$_POST['order_id'] = date('YmdHis');
	$_POST['order_time'] = date('Y-m-d H:i:s');
	$_POST['ip'] = $mysql->getip();
	$_POST['refer'] = $_SERVER['HTTP_REFERER'];
	$_POST['order_page'] = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];

	$keys = array_keys($_POST);
	$vals = array_values($_POST);

	$sql = "insert into orders(". implode(',', $keys) .") values('". implode("','", $vals) ."')";

	//echo $sql;

	$mysql->query($sql);

	echo "<script type='text/javascript'>alert('您的订单已经提交成功！商家会尽快联系！');location.href='".$_SERVER['HTTP_REFERER']."'</script>";
}

?>